Dear Maruti,
I spoke with the tech team at the HDFC Bank payment gateway integration. They told me that the reverse hash sent from the payment gateway has to be checked before logging the transaction as successful.
The information is available in detail in the integration document - pages 19, 20 and 21. I am attaching the same here for your quick reference (available on GitHub as well).
User Story
We have a ticket in Helpscout, where the user is claiming that they had an audit from the HDFC Bank staff, who pointed out a high-risk vulnerability (i.e. Amount Tampering) within our add-on.
Related link
HS link: https://secure.helpscout.net/conversation/656840067/24825?folderId=1457790
Attachment
Integration Document Version 2.6.pdf
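
An added example, not code from the add-on or from the integration document: a sketch of the check the bank's team describes, verifying the reverse hash and the amount before a transaction is recorded as successful. The hash construction (HMAC-SHA256 over `order_id|amount|status`), the field names and the key are assumptions; the real ones are defined in the integration document.

```python
import hashlib
import hmac
from decimal import Decimal, InvalidOperation

# Assumed scheme: HMAC-SHA256 over "order_id|amount|status" with a shared
# merchant key. The real field list and algorithm are in the integration
# document, which this page does not reproduce.
MERCHANT_KEY = b"constructed-demo-key"  # constructed sample secret


def reverse_hash(order_id, amount, status, key=MERCHANT_KEY):
    """Recompute the hash the gateway is assumed to send back."""
    msg = "|".join((order_id, amount, status)).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify_callback(params, orders, key=MERCHANT_KEY):
    """Return (ok, reason). `orders` maps order_id -> Decimal amount that
    the server stored when the order was created."""
    required = ("order_id", "amount", "status", "hash")
    if any(not isinstance(params.get(k), str) for k in required):
        return False, "missing field"

    # 1. The callback must carry a hash we can reproduce with our key.
    expected = reverse_hash(params["order_id"], params["amount"],
                            params["status"], key)
    if not hmac.compare_digest(expected.encode(),
                               params["hash"].lower().encode()):
        return False, "hash mismatch"

    # 2. A valid hash only proves the gateway sent these values; the amount
    #    must also match what the server expected for this order.
    stored = orders.get(params["order_id"])
    if stored is None:
        return False, "unknown order"
    try:
        paid = Decimal(params["amount"])
    except InvalidOperation:
        return False, "bad amount"
    if paid != stored:
        return False, "amount mismatch"

    # 3. Only now may the status decide the outcome.
    if params["status"] != "success":
        return False, "not successful"
    return True, "ok"
```

The order is marked paid only when `verify_callback` returns `(True, "ok")`; every other result should be logged and left pending or failed.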